CN113626485B - Searchable encryption method and system suitable for database management system - Google Patents
Searchable encryption method and system suitable for database management system Download PDFInfo
- Publication number
- CN113626485B CN113626485B CN202110753784.5A CN202110753784A CN113626485B CN 113626485 B CN113626485 B CN 113626485B CN 202110753784 A CN202110753784 A CN 202110753784A CN 113626485 B CN113626485 B CN 113626485B
- Authority
- CN
- China
- Prior art keywords
- prt
- endet
- tag
- exk
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000008569 process Effects 0.000 claims abstract description 21
- 238000007726 management method Methods 0.000 claims description 43
- 230000006870 function Effects 0.000 claims description 32
- 238000004422 calculation algorithm Methods 0.000 claims description 31
- 238000004364 calculation method Methods 0.000 claims description 13
- 239000000284 extract Substances 0.000 claims description 11
- 230000003044 adaptive effect Effects 0.000 claims description 9
- 238000000605 extraction Methods 0.000 claims description 9
- 101100026202 Neosartorya fumigata (strain ATCC MYA-4609 / Af293 / CBS 101355 / FGSC A1100) neg1 gene Proteins 0.000 claims description 6
- 239000013256 coordination polymer Substances 0.000 claims description 6
- 238000004458 analytical method Methods 0.000 claims description 5
- 238000004590 computer program Methods 0.000 claims description 3
- 238000002474 experimental method Methods 0.000 claims description 3
- 239000011159 matrix material Substances 0.000 claims description 3
- 238000010200 validation analysis Methods 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 abstract description 6
- 238000004088 simulation Methods 0.000 description 8
- 230000007547 defect Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008092 positive effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of searchable encryption, and discloses a searchable encryption method and a searchable encryption system applicable to a database management system, wherein the searchable encryption method applicable to the database management system comprises the following steps: initializing a system; parameter processing and key generation; user u encrypts the file, generates keywords and a security index; a query process; the user obtains the required document with respect to the decryption of the ciphertext. The searchable encryption method suitable for the database management system can generate the index suitable for the database management system, and is called as the searchable symmetric encryption based on the variable label of the encryption index suitable for the database management system. The present invention constructs an index by using a part of the output value of the deterministic encryption function and provides a self-information control mechanism to gradually disclose the partial value. In addition, the invention also provides a certain safety function to carry out safety management on the information. Compared with the general scheme, the invention improves the encryption security and the search efficiency of the searchable encryption and is more suitable for a database management system.
Description
Technical Field
The invention belongs to the technical field of searchable encryption, and particularly relates to a searchable encryption method and system suitable for a database management system.
Background
At present, as people store data in the cloud end continuously and popularizes, people store more and more data in the cloud end, and meanwhile, the safety and reliability of the data are paid unprecedented attention. Although encryption technology is utilized to encrypt and store the file in the cloud end, confidentiality of data can be effectively guaranteed, and in this way, the data of a user lose much operability. For example, the search for the file is only performed by directly matching the keywords, but such an operation cannot be performed on the encrypted data. Therefore, in order to provide a ciphertext search method, a large number of searchable encryption methods are developed, but the currently proposed searchable encryption methods applicable to the database management system are mainly based on english words, and most schemes only support an accurate search scheme and a single keyword search.
For the needs of practical systems, it is often desirable that the content of the search is not just single, but rather that the search be conducted jointly by multiple keywords. At the same time, when a search operation is performed, some fine text formats or input errors are generated, but the conventional accurate search cannot tolerate the occurrence of such errors, so that the usability of the search system is greatly reduced. Therefore, a new searchable encryption method suitable for the database management system is needed to overcome the problems and disadvantages of the prior art.
Thus, through the above analysis, the prior art has the following problems and drawbacks: when a search operation is performed, some fine text formats or input errors are generated, and the existing accurate search method cannot tolerate the occurrence of the errors, so that the usability of a search system is greatly reduced.
The difficulty of solving the problems and the defects is as follows:
In view of the above practical problems, how to construct a reasonable index to reduce the search time after the user submits the encrypted file and the encrypted keyword, and avoid search errors becomes a key to solve the above problems. Too simple an index may increase the time cost of searching, while too complex an index is difficult to construct, difficult to operate, and results in reduced availability.
The meaning of solving the problems and the defects is as follows: for this the invention chooses to construct a label-based searchable encryption scheme. The user wants to store the files, and submits the encrypted files and the corresponding encrypted keywords of each file at the same time. Keywords are treated as labels independent of other keywords. And after receiving the label, the server performs reliable safe calculation processing and constructs a corresponding index. Two ideas are mainly applied, one is to construct an index by using a small part of deterministic encryption functions, and the other is to provide a self-information control mechanism to gradually disclose partial values. The scheme constructs a searchable encryption method suitable for the database management system, constructs a reasonable index, and improves the searching efficiency and the data security.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides a searchable encryption method and a searchable encryption system applicable to a database management system, in particular to an index generation method and a searchable encryption scheme construction applicable to the database management system.
The invention is realized in that a searchable encryption method suitable for a database management system comprises the following steps:
step one, initializing a system;
The system initializes each module and selects the appropriate security parameters and common parameters for the system.
Step two, parameter processing and key generation;
Generating a hash function, a pseudo-random function and a system key used by the scheme according to the parameters selected in the step one;
step three, user u encrypts the file, generates key words and safety indexes;
a user selects a proper identifier for a file, encrypts the file and a file keyword, constructs a reasonable security index according to a scheme, and sends the security index to a server for storage inquiry and the like;
Step four, inquiring process;
the user uses the key words and the system key to inquire the file, and the server inquires the corresponding encrypted file according to the scheme and sends the encrypted file to the user;
step five, decrypting the ciphertext by the user to obtain a required document;
and the user decrypts the file pocket according to the ciphertext and the system key to obtain the original file.
Further, in step one, the initializing system includes:
System parameters are initialized, a security parameter lambda is input, and a system public parameter CP= (SEA, lambda) is generated according to the security parameter, and a symmetrical encryption scheme SEA= (Gen, enc, dec) is adopted.
Further, in the second step, the parameter processing and key generation include:
the data owner hashes the function H according to the common parameter CP: {0,1} λ×{0,1}*→{0,1}λ is a one-way trapdoor function, pseudo-random function F: {0,1} λ×{0,1}*→{0,1}λ;
Order the Becomes a hash table of random oracle, and the initial state is/>System key K, select/>Yielding K 4←SEA.KeyGen(1λ) and then a system key k= (K 1,k2,k3,k4).
Further, in the third step, the generating of the file encryption, the keyword and the security index by the user u includes:
user u inputs a document set d= (D 1,...,DN), and the user performs the calculation according to the following steps:
(1) For a document set d= (D 1,...,DN), wherein Is one of the documents, ω is the keyword of the document, D '= (ω' 1,...,ω′len(D)) is a set of unique keywords of D; uniformly and randomly selecting a unique identifier ID for each document D i epsilon D (D i)∈{0,1}μ, encrypted document D i, C i←SEA.Enc(k4,Di);
(2) The probability label prt i=tag(ωi is calculated for each keyword ω i in the document and stored in the system. The prt calculation process is selected as follows Calculating prt 1′:=H(H(K1||ω)||prt2 ') to obtain prt= (prt 1′,prt2');
(3) And indexing the set of the ciphertext document C and the probability label prt, and storing the set of the ciphertext document C and the probability label prt in a database.
Further, in the fourth step, the query process includes:
(1) In the keyword query process, a user inputs a keyword omega to be queried and a system key K;
(2) After the database obtains the keyword omega and the system key K, the trapdoor trd is calculated: =h (K 1 ||ω), analyzing prt i=(prt1′,prt2 '), and calculating prt' 1:=H(trd||prt2); if prt 1=prt′1, output b: =1, otherwise output b: =0;
(3) Calculating det i:=H(k2||ω)|i for i e [1, L ] based on the key ω and the system key K and the document length L to be determined, resulting in a determined tag set DeT: = (det 1,...,detL); computing exk i:=H(k3 i for i e 1, l, resulting in extraction key set ExK: = (exk 1,...,exkL);
(4) Selecting, for all i.e. [1, L ], based on the determined tag set DeT and the extracted key set ExK Calculation/>Cause endet i:=(endeti,1,endeti,2), resulting in encrypted validation tag EnDeT: = (endet 1,...,endetL);
(5) Selecting an ith keyword corresponding to the required query according to the encrypted definite label, and analyzing EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output And extracting the element in the ith bit in DeT so as to obtain the keyword label to be queried.
Further, in the fifth step, the user decrypts the ciphertext to obtain the required document, including:
The user inputs the obtained ciphertext C i containing the desired key ω i and the system key K, and obtains plaintext D i←SEA.Dec(k4,Ci) by a decryption algorithm.
Further, the searchable encryption method applicable to the database management system further comprises:
(1) Mathematical notation: using Representing all positive real numbers; if any positive polynomial combination exists/>Function neg1: /(I)Negligible; a is a probability algorithm, then y+.A (x), where y represents a uniform random distribution band and x is the input value; let S be a finite set then/>S is selected from S uniformly; for positive integers m and n (m < n), [ m, n ] is expressed as the set { m, m +1,., n }; for binary bit strings x and y, the concatenation is denoted with x y.
(2) Symmetric cryptographic primitives:
pseudo-random function: for key function F: {0,1} λ×{0,1}m→{0,1}n if F is polynomial in λ, and for any polynomial probability time PPT algorithm A, so that
Where FunC [ m, n ] is a set of all {0,1} m→{0,1}n functions, then F is pseudo-random.
Symmetric key encryption scheme SEA: for symmetric key encryption scheme sea= (Gen, enc, dec), if for any PPT algorithm a there is Wherein Enc K (lr (·, ·, b)) is the left-right choice in oracle for output (x 0,x1); c 0←EncK(x0 if b=0), C 1←EncK(x1) if b=1, satisfies the above conditions, SEA is the safest in LOR-CPA.
(3) Searchable encrypted SSE symbols
1) Let ω be the keyword and,Is a group of keywords;
2) Let d= (ω 1,...,ωlen(D)) be a document, d= (D 1,...,DN) be a document set; c= (C 1,...,CN) is the ciphertext set, where C i is the ciphertext generated by D i, i e [1, n ]; let D '= (ω' 1,...,ω′len(D)) be a unique set of keywords for D; i.e., for any, i, j ε [1, len (D ') ] (i < j), there is ω' i≠ω′j;
3) Let ID (D i)∈{0,1}μ be the identifier of file D i;
4) For the document set d= (D 1,...,DN), let D (ω) = { id (D i)|ω∈Di }, search order be w= (ω l,...,ωq), let D (w) = (D (ω l),...,D(ωq));
5) Let T be the tag set of a set of keywords (ω 1,...,ωM); let ID (tag) e {0,1} μ be the tag's identifier; for one tag set t= (tag 1,...,tagN); let T (ω) = { ID (tag i)|tagi includes ω, i e [1, n ] }, let T (w) = (T (ω 1),...,T(ωN)) for search order (ω 1,...,ωM).
Further, the searchable encryption method applicable to the database management system further comprises:
The encryption scheme consists of ten polynomial algorithms KeyGen, enc, dec, tag, trapdoor, search, deterTag, exKeyGen, enDeterTag, exDeterTag; wherein, the algorithm process is as follows:
(1) Generating a secret key KeyGen (1 λ): selecting Yielding K 4←SEA.KeyGen(1λ), output k= (K 1,k2,k3,k4);
(2) Encryption Enc (K, D): output c≡sea.enc (k 4, D);
(3) Decryption Dec (K, C): output d≡sea. Dec (k 4, C);
(4) Calculating probability tags Tag (K, ω): selecting Calculate prt 1:=H(H(k1||ω)||prt2), output prt= (prt 1,prt2);
(5) Trapdoor Trapdoor (K, ω) was calculated: output trd: =h (k 1 ||ω);
(6) Search (pt, tr): analysis of prt: = (prt 1,prt2), prt' 1:=H(trd||prt2 is calculated, if prt 1=prt′1, output b: =1, otherwise output b: =0;
(7) Calculate deterministic label DeterTag (K, ω, L): let i:=H(k2||ω)|i is calculated for all i ε [1, L ], output DeT: = (det 1,...,detL);
(8) Extraction key ExKeyGen (K, L): calculate exk i:=H(k3 i where i e [1, l ], output ExK: = (exk 1,...,exkL);
(9) Encryption determination tag ENDETERTAG (EK, DT): selecting all i E [1, L ] Calculation/>Then let edt i:=(edti,1,edti,2) to act. Output EDT: = (edt 1,...,edtL);
(10) Extract element determination tag ExDeterTag (exk i, i, enDeT): resolution EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output
In order to guarantee the safety of the solution, the following conditions must be met:
1) For the following And k≡keygen (1 λ), satisfying d=dec (K, enc (K, D));
2) For the following Ω∈Δ, and k≡keygen (1 λ), satisfying Search ((Tag (K, ω), trapdoor (K, ω))=1;
3) For the following I e [1, L ], ω e Δ, k≡keygen (1 λ), and ExK + ExKeyGen (K, L), satisfy ExDeterTag (exk i,i,EnDeterTag(ExK,DeterTag(K,ω,L)))=deti, deterTag (K, ω, L) = (det 1,...,deti,...,detL).
Further, the searchable encryption method applicable to the database management system further comprises:
According to the security formalization, an adaptive security definition is provided for the present scheme by using a leakage function L, which represents an acceptable information leakage in the present scheme, wherein history Is the tuple of document collection D, search sequence w, and a set of extraction locations/>, which have been queried from adversaries and challengers
Definition: in the scheme, lambda is a safety parameter; let α and β be state algorithms; probability experiments R α(1λ) and I α,β(1λ) are defined as follows:
(1) R α(1λ) a challenger C executes k≡keygen (1 λ) and ExK ≡ ExKeyGen (K, L); the number of polynomials that adversary a generates an adaptive query is as follows:
1) If A queries a document D and an operation Enc, C executes C≡enc (K, D) and then sends it to A;
2) If A queries a keyword ω and an operation Tag, C performs prt≡tag (K, ω) and then sends it to A;
3) If A queries a keyword ω and an operation Trapdoor, then C executes trd≡ Trapdoor (K, ω) and then sends it to A;
4) If A queries a keyword ω and an operation ENDETERTAG, then C executes EnDeT +. ENDETERTAG (ExK, deT) and then sends EDT to A;
5) If A queries extract location i and one operation ExtKey, then C sends exk i to A;
6) Finally, A returns the value b ε {0,1}.
(2) I α,β(1λ) a simulator S generates K and ExK from λ and L; the adversary a generates the number of adaptive query polynomials as follows, whereIs the history after the j-th query of a:
1) If A queries a document D and an operation Enc, then S is defined by Generating C and then sending the C to A;
2) If A queries a keyword ω and an operation Tag, then S is defined by Generating prt and then sending it to a;
3) If A queries a keyword ω and an operation Trapdoor, then S is defined by Trd is generated and then sent to A;
4) If A queries a keyword ω and an operation ENDETERTAG, then S is defined by EnDeT is generated and then sent to a;
5) If the A query extracts location i and an operation ExtKey, then S is defined by Exk i is generated and then sent to a;
6) Finally, the A output b ε {0,1}.
When there is one PPT algorithm β for any security parameter 1 λ and any PPT algorithm α, as follows, |pr [ R α(1λ)=1]-Pr[Iα,β(1λ) =1 ]. Ltoreq.neg1 (λ) |;
the solution is adaptively secure.
The following information is presented in the general SSE scheme.
After adding document D, information len (D), ID (D) and len (D ') can be obtained from ciphertext C, we define L 1 (D) = (len (D), ID (D), len (D')).
The algorithm Search shows the Search result between prt and trd, we define L 2 (T, w) =t (w).
Since Trapdoor is deterministic, when ω i=ωj is obtained by examining trd (ω i)=trd(ωj), any user with trapdoors trd (ω i) and trd (ω j) can be determined. We define L 3(ω1,…,ωq)=SPq where SP q=(spi,j)1≤i,j≤q is a binary symmetric matrix, SP i,j =1 if ω i=ωj, otherwise SP i,j =0.
The following information is presented from the scheme determination mark:
By exk i of publication ExK, the i-th line number of keyword w j of one EnDeT j Also disclosed. Let/>Wherein, i is more than or equal to 1 and less than or equal to L, and b is {0,1}. ID (EnDeT j) is an identifier of EnDeT j, we define/>
This information is closely related to L 3(ω1,…,ωq) because anyone can determine the information about the information for i.epsilon.1, L by examining trd (ω i)=trd(ωj),And/>Is equivalent to (a) in terms of (b). We get the security we define to be the same as a general scheme if there is no query of a for ENDETERTAG or ExtKey.
It is a further object of the present invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the searchable encryption method adapted to a database management system.
Another object of the present invention is to provide a searchable encryption system applicable to a database management system to which the searchable encryption method applicable to a database management system is applied, the searchable encryption system applicable to a database management system comprising:
The initialization module is used for initializing the system;
the key generation module is used for carrying out parameter processing and key generation;
The generation module is used for generating file encryption, keywords and security indexes by a user u;
the query module is used for carrying out a query process;
And the document acquisition module is used for decrypting the ciphertext of the user to acquire the required document.
By combining all the technical schemes, the invention has the advantages and positive effects that: the searchable encryption method suitable for the database management system provided by the invention can generate the index suitable for the database management system, which is called symmetric encryption or IG-TSSE which can be searched based on the variable label of the encryption index. The present invention constructs an index by using a small portion of the output value of the deterministic encryption function and provides a self-information control mechanism to progressively disclose the partial value. Compared with the general scheme, the method and the device strengthen the encryption security and the search efficiency of the searchable encryption, and are more friendly to a database management system.
The scheme is a label-based searchable encryption, and can generate a suitable database management system index scheme, and the scheme is called a label-searchable symmetric encryption scheme or an IG-TSSE scheme based on encryption index variation. The scheme can also provide a simple safety function for adding and deleting. Briefly, the scheme is mainly divided into two parts, one is to construct an index using a part of the deterministic encryption output value; and secondly, providing a self-information control mechanism to gradually disclose partial values.
First, the scheme not only generates probability tags as common tags, but also generates a certainty tag for each keyword that a user wants to store a document. To generate deterministic labels, the present invention uses a short bit string contained in a deterministic encrypted output value, and then can construct a B-Tree, etc. index from the deterministic label's database management system support. The index built from deterministic labels is used to narrow down the probability labels of the keyword search. In other words, the present invention more easily finds probability tags for the same key hidden in trapdoors. Meanwhile, the keyword searching process is slightly modified: the user calculates a trapdoor containing deterministic labels, the server finds candidates for probabilistic labels, then performs trapdoor checks, and then performs keyword searches in trapdoors and candidates.
Second, the present invention can gradually reveal deterministic labels through steps, if desired. To construct self-information control, the user encrypts each bit by using a different encryption key and stores them in the server. If the user wants to disclose a portion of the deterministic tag to reduce the search cost, the user is required to send an encryption key to the server. The server then extracts the ordinary deterministic bits by decrypting the encrypted deterministic label from the encryption key and constructs an index from them, such as the index of a B-tree.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a searchable encryption method applicable to a database management system according to an embodiment of the present invention.
FIG. 2 is a block diagram of a searchable encryption system adapted for use in a database management system according to an embodiment of the present invention;
In the figure: 1. initializing a module; 2. a key generation module; 3. a generating module; 4. a query module; 5. and a document acquisition module.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In view of the problems existing in the prior art, the present invention provides a searchable encryption method and system suitable for a database management system, and the present invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the searchable encryption method applicable to the database management system provided by the embodiment of the invention includes the following steps:
s101, initializing a system;
s102, parameter processing and key generation;
s103, encrypting the file, generating keywords and a security index by a user u;
S104, inquiring the process;
s105, the user obtains a required document about decryption of the ciphertext.
As shown in fig. 2, a searchable encryption system applicable to a database management system according to an embodiment of the present invention includes:
An initialization module 1 for initializing a system;
a key generation module 2 for performing parameter processing and key generation;
the generation module 3 is used for generating file encryption, keywords and security indexes by the user u;
The query module 4 is used for performing a query process;
and the document acquisition module 5 is used for decrypting the ciphertext of the user to acquire the required document.
The technical scheme of the invention is further described below by combining the embodiments.
The scheme is a label-based searchable encryption, and can generate a database management system index scheme, which is called a variable label-based searchable symmetric encryption scheme or an IG-TSSE scheme. The scheme can also provide a simple safety function for adding and deleting. Briefly, the scheme is mainly divided into two parts, one is to construct an index using a part of the deterministic encryption output value; and secondly, providing a self-information control mechanism to gradually disclose partial values.
First, the scheme not only generates probability tags as common tags, but also generates a certainty tag for each keyword that a user wants to store a document. To generate deterministic labels, the present invention uses a short bit string contained in a deterministic encrypted output value, and then can construct a B-Tree, etc. index from the deterministic label's database management system support. The index built from deterministic labels is used to narrow down the probability labels of the keyword search. In other words, the present invention more easily finds probability tags for the same key hidden in trapdoors. Meanwhile, the keyword searching process is slightly modified: the user calculates a trapdoor containing deterministic labels, the server finds candidates for probabilistic labels, then performs trapdoor checks, and then performs keyword searches in trapdoors and candidates.
Second, the present invention can gradually reveal deterministic labels through steps, if desired. To construct self-information control, the user encrypts each bit by using a different encryption key and stores them in the server. If the user wants to disclose a portion of the deterministic tag to reduce the search cost, the user is required to send an encryption key to the server. The server then extracts the ordinary deterministic bits by decrypting the encrypted deterministic label from the encryption key and constructs an index from them, such as the index of a B-tree.
The invention discloses a searchable encryption scheme suitable for a database management system, which comprises the following steps:
and step 1, initializing a system.
System parameters are initialized, a security parameter lambda is input, and a system public parameter CP= (SEA, lambda) is generated according to the security parameter, and a symmetrical encryption scheme SEA= (Gen, enc, dec) is adopted.
Step 2, parameter processing and key generation
The data owner hashes the function H according to the common parameter CP: {0,1} λ×{0,1}*→{0,1}λ is a one-way trapdoor function, pseudo-random function F: {0,1} λ×{0,1}*→{0,1}λ. Order the Becomes a hash table of random oracle, and the initial state is/>System key K, select/>Yielding K 4←SEA.KeyGen(1λ) and then a system key k= (K 1,k2,k3,k4).
Step 3, user u encrypts file, generates key words and safety indexes
User u inputs a document set d= (D 1,...,DN), and the user performs the calculation according to the following steps:
3.1 For a document set d= (D 1,...,DN), where Is one of the documents, ω is the keyword of the document, and D '= (ω' 1,...,ω′len(D)) is a set of unique keywords of D. Uniformly and randomly selecting a unique identifier ID for each document D i epsilon D (D i)∈{0,1}μ, encrypted document D i, C i←SEA.Enc(k4,Di);
3.2 For each keyword ω i in the document, calculate its probability tag prt i=tag(ωi), stored in the system. The prt calculation process is selected as follows Calculating prt 1′:=H(H(k1||ω)||prt2 ') to obtain prt= (prt 1′,prt2');
3.3 Index the set of ciphertext documents C and probability tags prt, store in a database.
Step 4: query process
4.1 During the keyword query process, the user inputs the keyword omega and the system key K to be queried;
4.2 After obtaining the key ω and the system key K, the database calculates trapdoor trd: =h (K 1 ||ω), analyze prt i=(prt1′,prt2 '), and calculate prt' 1:=H(trd||prt2), if prt 1=prt′1, output b: =1, otherwise output b: =0.
4.3 Calculating det i:=H(k2||ω)|i for i e [1, L ] based on the key ω and the system key K and the document length L to be determined, resulting in a determined tag set DeT: = (det 1,...,detL); computing exk i:=H(k3 i for i e 1, l, resulting in extraction key set ExK: = (exk 1,...,exkL);
4.4 Based on the determined tag set DeT and the extracted key set ExK, select for all i ε [1, L ] Calculation/>Then command endet i:=(endeti,1,endeti,2) to obtain encrypted validation tag EnDeT: = (endet 1,...,endetL).
4.5 So as to select the ith keyword corresponding to the query request according to the encrypted determined label, and analyze EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output And extracting the element in the ith bit in DeT so as to obtain the keyword label to be queried.
Step 5: decrypting ciphertext by user to obtain required document
The user inputs the obtained ciphertext C i containing the required key omega i and the system key K, and obtains a plaintext D i←SEA.Dec(k4,Ci through a decryption algorithm).
The present embodiment will be described in detail below.
Description of the invention is applicable to a searchable encryption scheme for a database management system: before constructing an index suitable for the database management system, some mathematical symbols required in the steps of the following scheme are introduced.
(1) Mathematical notation: the invention usesRepresenting all positive real numbers. If any positive polynomial combination existsFunction neg1: /(I)Negligible. A is a probabilistic algorithm, then y≡a (x), where y represents a uniform random distribution band and x is an input value. Let S be a finite set then/>And S is uniformly selected from S. For positive integers m and n (m < n), [ m, n ] is expressed as the set { m, m+1,. }. For binary bit strings x and y, x||y is used to represent their concatenation.
(2) Symmetric cryptographic primitives:
Pseudo-random function: for key function F: {0,1} λ×{0,1}m→{0,1}n if f is polynomial in λ, and for any Polynomial Probability Time (PPT) algorithm A, it can be made to be
Where FunC [ m, n ] is a set of all {0,1} m→{0,1}n functions, then F is pseudo-random.
Symmetric key encryption scheme SEA: for symmetric key encryption scheme sea= (Gen, enc, dec), if for any PPT algorithm a there is
Where Enc K (lr (·, ·, b)) is the left-right choice in oracle, for output (x 0,x1), C 0←EncK(x0 if b=0, C 1←EncK(x1) if b=1), the above conditions are met, SEA is the safest in LOR-CPA.
(3) Searchable encrypted SSE symbols
1) Let ω be the keyword and,Is a set of keywords.
2) Let d= (ω 1,...,ωlen(D)) be one document and d= (D 1,...,DN) be one document collection. C= (C 1,...,CN) is the ciphertext set, where C i is the ciphertext generated by D i, i e [1, n ]. Let D '= (ω' 1,...,ω′len(D)) be a unique set of keywords for D. I.e., for any i, j.epsilon.1, len (D ') ] (i < j), there is ω' i≠ω′j.
3) Let ID (D i)∈{0,1}μ be the identifier of file D i).
4) For the document set d= (D 1,...,DN), let D (ω) = { ID (D i)|ω∈Di }, search order be w= (ω l,...,ωq), let D (w) = (D (ω l),...,D(ωq)).
5) Let T be the set of labels for a set of keywords (ω 1,...,ωN). Let ID (tag) e {0,1} μ be the tag's identifier. For one tag set t= (tag 1,...,tagN). Let T (ω) = { ID (tag i)|tagi includes ω, i e [1, n ] }.
The encryption scheme consists of ten polynomial algorithms KeyGen, enc, dec, tag, trapdoor, search, deterTag, exKeyGen, enDeterTag, exDeterTag, and the specific process of the algorithm is as follows:
1) Generating a secret key KeyGen (1 λ): selecting Yielding K 4←SEA.KeyGen(1λ) and then outputs k= (K 1,k2,k3,k4).
2) Encryption Enc (K, D): output c≡sea.enc (k 4, D).
3) Decryption Dec (K, C): output d≡sea. Dec (k 4, C).
4) Calculating probability tags Tag (K, ω): selectingPrt 1:=H(H(k1||ω)||prt2 is calculated) and prt= (prt 1,prt2) is output.
5) Trapdoor Trapdoor (K, ω) was calculated: output trd: =h (k 1 ||ω).
6) Search (prt, trd): analysis of prt: = (prt 1,prt2), prt' 1:=H(trd||prt2 is calculated, if prt 1=prt′1, output b: =1, otherwise output b: =0.
7) Calculate deterministic label DeterTag (K, ω, L): let i:=H(k2||ω)|i is calculated for all i ε [1, L ], output DeT: = (det 1,...,detL)
8) Extraction key ExKeyGen (K, L): calculate exk i:=H(k3 i where i e [1, l ], output ExK: = (exk 1,...,exkL).
9) Encryption determination tag ENDETERTAG (ExK, deT): selecting all i E [1, L ] Calculation/>Then let endet i:=(endeti,1,endeti,2) to act. Output EnDeT: = (endet 1,...,endetL).
10 Extract element determination tag ExDeterTag (exk i, i, enDeT): resolution EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output
In order to guarantee the safety of the solution, the following conditions must be met:
1) For the following And k≡keygen (1 λ), satisfying d=dec (K, enc (K, D));
2) For the following Ω∈Δ, and k≡keygen (1 λ), satisfying Search ((Tag (K, ω), trapdoor (K, ω))=1;
3) For the following I e [1, L ], ω e Δ, k≡keygen (1 λ), and ExK + ExKeyGen (K, L), satisfy ExDeterTag (exk i,i,EnDeterTag(ExK,DeterTag(K,ω,L)))=deti, deterTag (K, ω, L) = (det 1,...,deti,...,detL).
According to the security formalization, the present invention provides an adaptive security definition by using a leakage function L, which represents an acceptable information leakage in the scheme, wherein the historyIs the tuple of document collection D, search sequence w, and a set of extraction locations/>, which have been queried from adversaries and challengers
The invention thus defines: in this scheme, λ is a security parameter. Let α and β be state algorithms. Probability experiments R α(1λ) and I α,β(1λ) were then defined as follows:
(1) R α(1λ) one challenger C executes k≡keygen (1 λ) and ExK ≡ ExKeyGen (K, L). The number of polynomials that adversary a generates an adaptive query is as follows:
1) If A queries a document D and an operation Enc, C performs C≡enc (K, D) and then sends it to A.
2) If A queries a keyword ω and an operation Tag, C performs prt≡tag (K, ω) and then sends it to A
3) If A queries a keyword ω and an operation Trapdoor, C performs trd≡ Trapdoor (K, ω) and then sends it to A
4) If A queries a keyword ω and an operation ENDETERTAG, then C executes EnDeT +. ENDETERTAG (ExK, deT) and then sends ExDeT to A
5) If the A-query extracts location i and an operation ExtKey, then C sends exk i to A
6) Finally, A returns the value b ε {0,1}.
(2) I α,β(1λ) a simulator S generates K and ExK from λ and L. The adversary a generates the number of adaptive query polynomials as follows, whereIs the history after the j-th query of a:
1) If A queries a document D and an operation Enc, then S is defined by Generate C and then send it to A
2) If A queries a keyword ω and an operation Tag, then S is defined byGenerates prt and sends it to A
3) If A queries a keyword ω and an operation Trapdoor, then S is defined byGenerate trd and then send it to A
4) If A queries a keyword ω and an operation ENDETERTAG, then S is defined byGenerate EnDeT, then send it to A
5) If the A query extracts location i and an operation ExtKey, then S is defined byGenerate exk i, then send it to A
6) Finally, the A output b E {0,1}
When there is one PPT algorithm beta for any security parameter 1 λ and any PPT algorithm alpha, there is one PPT algorithm beta as follows,
|Pr[Rα(1λ)=1]-Pr[Iα,β(1λ)=1]≤neg1(λ)|
The solution is adaptively secure.
The invention is described here with the above-mentioned leakage function L, the following information being used to demonstrate the general SSE scheme.
After adding document D, information len (D), ID (D) and len (D ') can be obtained from ciphertext C, we define L 1 (D) = (len (D), ID (D), len (D')).
The algorithm Search shows the Search result between prt and trd, we define L 2 (T, w) =t (w).
Since Trapdoor is deterministic, when ω i=ωj is obtained by examining trd (ω i)=trd(ωj), any user with trapdoors trd (ω i) and trd (ω j) can be determined. We define L 3(ω1,…,ωq)=SPq where SP q=(spi,j)1≤i,j≤q is a binary symmetric matrix, SP i,j =1 if ω i=ωj, else SP i,j =0
The following information is presented from the scheme determination mark:
By exk i of publication ExK, the i-th line number of keyword w j of one EnDeT j are also disclosed. Let/>Wherein, i is more than or equal to 1 and less than or equal to L, and b is {0,1}. ID (EnDeT j) is an identifier of EnDeT j, we define/>
This information is closely related to L 3(ω1,…,ωq) because anyone can determine the information about the information for i.epsilon.1, L by examining trd (ω i)=trd(ωj),And/>Is equivalent to (a) in terms of (b). We have the security defined by the present invention to be the same as the general scheme if there is no query for ENDETERTAG or ExtKey for a.
The invention provides a searchable encryption scheme based on labels, which can generate indexes suitable for a database management system. The invention refers to a variable label searchable symmetric encryption based on encryption index. The present scheme constructs an index by using a small portion of the output value of the deterministic encryption function, and provides a self-information control mechanism to gradually disclose the partial value. Compared with the general scheme, the encryption security and the search efficiency of the searchable encryption are enhanced, and the method is more suitable for a database management system.
If attacker A does not query ENCDETTAG and ExtKey, we can prove by following the existing security credentials. Whereas for this scenario we mainly model queries proving ENCDETTAG and ExtKey. To this end we construct a finite state PPT simulator M
1) Initialized simulation
Order theIts initial state is/>M selects key/> For simulation exk i, when/>When for i.epsilon.1, L, M will/>Stored at/>Is a kind of medium. That is, M sets the i-th extraction key exki as/>Is included in the random bit stream of (a).
2) Prior to any exk i being disclosed, enDeT was simulated
Let ω j be the j-th keyword from the A query. Here we assume that a does not query ExtKey.
If A is querying simulator M (ω j, ENDETERTAG), M is chosen for i ε [1, L ]AndAnd then/>And sending to A. Where simulator M is provided with/>/>
3) Simulation exk i of a query
If a queries (i, extKey) the simulator M, M first checks if i has already been queried.
If it has been queried, simulator M sends againGiving A. If not queried, M must model/>, for k.epsilon.1, jWherein ω 1,...,ωj must be that A has been queried at ENDETERTAG and/>Is omega k determines the ith bit of the tag. For better simulation, M is chosen for k.epsilon.1, j And will/> Stored at/>Is a kind of medium. Can be used/>To calculate the output, which is the information that is revealed after run ExtKey. After this, M will/>And sending to A.
4) Simulation of EnDeT after exk i is disclosed
Let ω q be the q-th keyword of the a query. Let EXP ε [1, L ] be the extra position that A has already been queried. Here we assume a pair M query (ω q, ENDETERTAG). Similarly, before we disclose any exki, M is chosen for iε [1, L ]And/>And set/> In addition, because of/>It has been disclosed that for i.epsilon.EXP, M must simulate/>In addition, for i ε EXP, M is chosenBy using/>Will/> Store to/>Is a kind of medium. After this, M will/>And sending to A.
5) From the above simulations, we analyze as follows:
1. From the above analysis, a guesses that k 3 generated by M is almost impossible, so a is almost impossible for any random oracle to query for any bit string k 3 |. So A cannot infer anything Likewise, a guesses that k 2 generated by M is nearly impossible, so a is nearly impossible for any random oracle query to any bit string k 2 |. So in disclosure exk i (in our simulations is/>) Previously, a could not obtain any partial information of det.
2. We use to generate a deterministic Tag and its encryption emulation that is not affected by Enc, tag, trapdoor even though a has queried in M for file D and its keywords through these operations. This is because EnDeT depends only on k 2、k3 and is independent of k 1、k4, k 1、k4 is used to generate C, prt, trd. Similarly, our simulation of EnDeT does not affect C, prt, trd, as we have difficulty distinguishing the simulated encryption of certain tags. In addition, while A knows about (j, k), so that in L 3 (w), for iε [1, L ] ω j=ωk andWhen A cannot determine i [ E [1, L ]/>Or 1.
3. In the A directionQuery/>Previously, if not disclosed/>A cannot obtain any/>In the publication/>Thereafter, in order to obtain/>If A direction/>Query/>Then a will acquireThen by running/>A acquisition/>Even it owns/>
From the above demonstration, we know that M is an effective simulator, implementing our security scheme.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When used in whole or in part, is implemented in the form of a computer program product comprising one or more computer instructions. When loaded or executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk Solid STATE DISK (SSD)), etc.
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.
Claims (7)
1. A searchable encryption method applicable to a database management system, the searchable encryption method applicable to the database management system comprising the steps of:
step one, initializing a system;
Step two, parameter processing and key generation;
step three, user u encrypts the file, generates key words and safety indexes;
Step four, inquiring process;
step five, decrypting the ciphertext by the user to obtain a required document;
in the second step, the parameter processing and key generation include:
The data owner hashes the function H according to the common parameter CP: {0, 1) λ×{0,1}*→{0,1}λ is a one-way trapdoor function, pseudo-random function F: {0,1} λ×{0,1}*→{0,1}λ;
Order the Becomes a hash table of random oracle, and the initial state is/>System key K, select/>Yielding K 4←SEA,KeyGen(1λ) and then a system key k= (K 1,k2,k3,k4);
In the third step, the generation of the file encryption, the key words and the security index by the user u includes:
user u inputs a document set d= (D 1,...,DN), and the user performs the calculation according to the following steps:
(1) For a set of documents d= (D 1,...,DN, where D i=(ωi.1,...,ωi.len(Di)) is one of the documents, ω is the keyword of the document, D '= (ω' 1,...,ω′len(D) is a set of unique keywords of D; uniformly and randomly selecting a unique identifier ID for each document D i epsilon D (D i)∈{0,1}μ, encrypted document D i, C i←SEA.Enc(k4,Di); ;
(2) Calculating a probability label prt i=tag(ωi of each keyword omega i in the document, and storing the probability label prt i=tag(ωi in a system; the prt calculation process is selected as follows Calculating prt 1′:=H(H(k1||ω)||prt2 'to obtain prt= (prt 1′,prt2');
(3) Establishing an index for a set of the ciphertext document C and the probability label prt, and storing the index in a database;
In the fourth step, the query process includes:
(1) In the keyword query process, a user inputs a keyword omega to be queried and a system key K;
(2) After the database obtains the keyword omega and the system key K, the trapdoor trd is calculated: =h (k 1 ||ω), analyzing prt i=(prt1′,prt2 '), and calculating prt' 1:=H(trd||prt2); if prt 1=prt′1, output b: =1, otherwise output b: =0;
(3) Calculating det i=H(k2||ω|i for i e [1, L ] based on the key ω and the system key K and the document length L to be determined, resulting in a determined tag set DeT: = (det 1,...,detL); computing exk i:=H(k3 i for i e 1, l, resulting in extraction key set ExK: = (exk 1,...,exkL);
(4) Selecting, for all i.e. [1, L ], based on the determined tag set DeT and the extracted key set ExK Calculation/>Cause endet i:=(endeti,1,endeti,2), resulting in encrypted validation tag EnDeT: = (endet 1,...,endetL);
(5) Selecting an ith keyword corresponding to the required query according to the encrypted definite label, and analyzing EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output And extracting the element in the ith bit in DeT so as to obtain the keyword label to be queried.
2. The method of claim 1, wherein in step one, the initializing system comprises: system parameters are initialized, a security parameter lambda is input, and a system public parameter CP= (SEA, lambda) is generated according to the security parameter, and a symmetrical encryption scheme SEA= (Gen, enc, dec) is adopted.
3. The method of claim 1, wherein in step five, the user obtains the desired document with respect to decryption of ciphertext, comprising:
the user inputs the obtained ciphertext C i containing the desired key ω i and the system key K, and obtains plaintext D i←SEA,Dec(k4,Ci) by a decryption algorithm.
4. The searchable encryption method applicable to a database management system as recited in claim 1, wherein the searchable encryption method applicable to a database management system further comprises:
(1) Mathematical notation: using Representing all positive real numbers; if any positive polynomial combination exists/>Function neg1: /(I)Negligible; a is a probability algorithm, then y+.A (x), where y represents a uniform random distribution band and x is the input value; let S be a finite set then/>S is selected from S uniformly; for positive integers m and n (m < n), [ m, n ] is expressed as the set { m, m+1,., n }; for binary bit strings x and y, the concatenation is represented using x||y;
(2) Symmetric cryptographic primitives:
pseudo-random function: for key function F: {0,1} λ×{0,1}m→{0,1}n if F is polynomial in λ, and for any polynomial probability time PPT algorithm A, so that
Where FunC [ m, n ] is a set of all {0,1} m→{0,1}n functions, then F is pseudo-random;
symmetric key encryption scheme SEA: for symmetric key encryption scheme sea= (Gen, enc, dec), if for any PPT algorithm a there is Wherein Enc K (lr ((b)))) is the left-right choice in oracle for output (x 0,x1); c 0←EncK(x0 if b=0), C 1←EncK(x1 if b=1), satisfying the above conditions, SEA being the safest in LOR-CPA;
(3) Searchable encrypted SSE symbols
1) Let ω be the keyword and,Is a group of keywords;
2) Let d= (ω 1,...,ωlen (D)) be a document, d= (D 1,...,DN) be a document collection; c= (C 1,...,CN) is the ciphertext set, where C i is the ciphertext generated by D i, i e [1, n ]; let D '= (ω' 1,...,ω′len(D)) be a unique set of keywords for D; i.e., for any, i, j ε [1, len (D ') ] (i < j), there is ω' i≠ω′j;
3) Let ID (D i)∈{0,1}μ be the identifier of file D i;
4) For the document set d= (D 1,...,DN), let D (ω) = { ID (D i)|ω∈Di }, search order be w= (ω l,...,ωq), let D (w) = (D (ω l),...,D(ωq));
5) Let T be the tag set of a set of keywords (ω 1,...,ωM); let ID (tag) e {0,1} μ be the tag's identifier; for one tag set t= (tag 1,...,tagN); let T (ω) = { ID (tag i)|tagi includes ω, i e [1, n ] }, let T (w) = (T (ω 1),...,T(ωN)) for search order (ω 1,...,ωN).
5. The searchable encryption method applicable to a database management system as recited in claim 1, wherein the searchable encryption method applicable to a database management system further comprises:
The encryption scheme consists of ten polynomial algorithms KeyGen, enc, dec, tag, trapdoor, search, deterTag, exKeyGen, enDeterTag, exDeterTag; wherein, the algorithm process is as follows:
(1) Generating a secret key KeyGen (1 λ): : selecting Yielding K 4←SEA.KeyGen(1λ), output k= (K 1,k2,k3,k4);
(2) Encryption Enc (K, D): output c≡sea.enc (k 4, D);
(3) Decryption Dec (K, C): output d≡sea. Dec (k 4, C);
(4) Calculating probability tags Tag (K, ω): selecting Calculate prt 1:=H(H(k1||ω)||prt2), output prt= (prt 1,prt2);
(5) Calculating trapdoor Trapdoor (K, ω) output trd: =h (k 1 |ω);
(6) Search (prt, trd) analysis prt: = (prt 1,prt2), prt' 1:=H(trd||prt2 is calculated; if prt 1=prt′1, output b: =1, otherwise output b: =0;
(7) Computing deterministic tag DeterTag (K, ω, L) computes det i:=H(k2||ω)|i for all i ε [1, L ], output DeT: = (det 1,...,detL);
(8) Extracting key ExKeyGen (K, L) calculate exk i:=H(k3 i; wherein i ε [1, L ], output ExK: = (exk 1,...,exkL);
(9) Encryption determination tag ENDETERTAG (ExK, deT): selecting all i E [1, L ] Calculation ofThen let endet i:=(endeti,1,endeti,2) to act. Output EnDeT: = (endet 1,...,endetL);
(10) Extract element determination tag ExDeterTag (exk i, i, enDeT) parse EnDeT: = (endet 1,...,endetL) and endet i:=(endeti,1,endeti,2), output
In order to guarantee the safety of the solution, the following conditions must be met:
1) For the following And k≡keygen (1 λ), satisfying d=dec (K, enc (K, D));
2) For the following Ω∈Δ, and k≡keygen (1 λ), satisfying Search ((Tag (K, ω), trapdoor (K, ω))=1;
3) For the following I∈ [1, L ], ω∈Δ, k≡keygen (1 λ), and ExK + ExKeyGen (K, L), satisfying ExDeterTag (exk i,i,EnDeterTag(ExK,DeterTag(K,ω,L)))=deti; wherein DeterTag (K, ω, L) = (det 1,...,deti,...,detL);
the searchable encryption method suitable for the database management system further comprises the following steps:
According to the security formalization, an adaptive security definition is provided for the present scheme by using a leakage function L, which represents an acceptable information leakage in the present scheme, wherein history Is the tuple of document collection D, search sequence w, and a set of extraction locations/>, which have been queried from adversaries and challengers
Definition: in the scheme, lambda is a safety parameter; let α and β be state algorithms; probability experiments R α(1λ) and I α,β(1λ) are defined as follows:
(1) R α(1λ) a user C performs k≡keygen (1 λ) and ExK ≡ ExKeyGne (K, L); the number of polynomials that adversary a generates an adaptive query is as follows:
1) If A queries a document D and an operation Enc, C executes C≡enc (K, D) and then sends it to A;
2) If A queries a keyword ω and an operation Tag, C performs prt≡tag (K, ω) and then sends it to A;
3) If A queries a keyword ω and an operation Trapdoor, then C executes trd≡ Trapdoor (K, ω) and then sends it to A;
4) If A queries a keyword ω and an operation ENDETERTAG, then C executes EnDeT +. ENDETERTAG (ExK, deT) and then sends EnDeT to A;
5) If A queries extract location i and one operation ExtKey, then C sends exk i to A;
6) Finally, A returns the value b e {0,1};
(2) I α,β(1λ) a simulator S generates K and ExK from λ and L; the adversary a generates the number of adaptive query polynomials as follows, where Is the history after the j-th query of a:
1) If A queries a document D and an operation Enc, then S is defined by Generating C and then sending the C to A;
2) If A queries a keyword ω and an operation Tag, then S is defined by Generating prt and then sending it to a;
3) If A queries a keyword ω and an operation Trapdoor, then S is defined by Trd is generated and then sent to A;
4) If A queries a keyword ω and an operation ENDETERTAG, then S is defined by EnDeT is generated and then sent to a;
5) If the A query extracts location i and an operation ExtKey, then S is defined by Exk i is generated and then sent to a;
6) Finally, the A output b E {0,1};
When there is one PPT algorithm β for any security parameter 1 λ and any PPT algorithm α, as follows, |pr [ R α(1λ)=1]-Pr[Iα,β(1λ) =1 ]. Ltoreq.neg1 (λ) |;
The scheme is self-adaptive and safe;
The following information is used to demonstrate the general SSE scheme:
After adding document D, information len (D), ID (D) and len (D ') can be obtained from ciphertext C, defining L 1 (D) = (len (D), ID (D), len (D'));
the algorithm Search shows the Search result between prt and trd, defining L 2 (T, w) =t (w);
Since Trapdoor is deterministic, when ω i=ωj is obtained by examining trd (ω i)=trd(ωj), any user with trapdoors trd (ω i) and trd (ω j) can be determined; definition L 3(ω1,…,ωq)=SPq; where SP q=(spi,j)1≤i,j≤q is a binary symmetric matrix, if ω i=ωj, then SP i,j =1, otherwise SP i,j =0;
the following information is presented from the determination of the markers in this scenario:
By exk i of publication ExK, the i-th line number of keyword w j of one EnDeT j Is also disclosed; order theWherein i is more than or equal to 1 and less than or equal to L, b is {0,1}; ID (EnDeT j) is an identifier of EnDeT j, defining
This information is closely related to L 3(ω1,…,ωq) because anyone can determine the information about the information for i.epsilon.1, L by examining trd (ω i)=trd(ωj),And/>Is equivalent to (1); if there is no A query for ENDETERTAG or ExtKey, the security defined is the same as for the general scheme.
6. A computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the searchable encryption method applicable to a database management system as claimed in any one of claims 1 to 5.
7. A searchable encryption system suitable for a database management system that implements the searchable encryption method suitable for a database management system as defined in any one of claims 1 to 5, wherein the searchable encryption system suitable for a database management system comprises:
The initialization module is used for initializing the system;
the key generation module is used for carrying out parameter processing and key generation;
The generation module is used for generating file encryption, keywords and security indexes by a user u;
the query module is used for carrying out a query process;
And the document acquisition module is used for decrypting the ciphertext of the user to acquire the required document.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110753784.5A CN113626485B (en) | 2021-07-03 | 2021-07-03 | Searchable encryption method and system suitable for database management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110753784.5A CN113626485B (en) | 2021-07-03 | 2021-07-03 | Searchable encryption method and system suitable for database management system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113626485A CN113626485A (en) | 2021-11-09 |
| CN113626485B true CN113626485B (en) | 2024-05-31 |
Family
ID=78379038
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110753784.5A Active CN113626485B (en) | 2021-07-03 | 2021-07-03 | Searchable encryption method and system suitable for database management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113626485B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20080035295A (en) * | 2006-10-19 | 2008-04-23 | 고려대학교 산학협력단 | Method for searching encrypted database and system thereof |
| CN104052740A (en) * | 2014-05-22 | 2014-09-17 | 西安理工大学 | Verifiable and searchable encryption method based on dictionary in cloud storage |
| WO2021095384A1 (en) * | 2019-11-14 | 2021-05-20 | ソニーグループ株式会社 | Information processing device, terminal device, and search method |
-
2021
- 2021-07-03 CN CN202110753784.5A patent/CN113626485B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20080035295A (en) * | 2006-10-19 | 2008-04-23 | 고려대학교 산학협력단 | Method for searching encrypted database and system thereof |
| CN104052740A (en) * | 2014-05-22 | 2014-09-17 | 西安理工大学 | Verifiable and searchable encryption method based on dictionary in cloud storage |
| WO2021095384A1 (en) * | 2019-11-14 | 2021-05-20 | ソニーグループ株式会社 | Information processing device, terminal device, and search method |
Non-Patent Citations (1)
| Title |
|---|
| 王恺璇 ; 李宇溪 ; 周福才 ; 王权琦 ; .面向多关键字的模糊密文搜索方法.计算机研究与发展.2017,(02),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113626485A (en) | 2021-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Ge et al. | Towards achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification | |
| Du et al. | Privacy-preserving indexing and query processing for secure dynamic cloud storage | |
| Wang et al. | Searchable encryption over feature-rich data | |
| Chase et al. | Substring-searchable symmetric encryption | |
| CN106776904B (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
| CN112800445B (en) | Boolean query method for forward and backward security and verifiability of ciphertext data | |
| CN109361644B (en) | Fuzzy attribute based encryption method supporting rapid search and decryption | |
| Strizhov et al. | Multi-keyword similarity search over encrypted cloud data | |
| Chen et al. | Bestie: Very practical searchable encryption with forward and backward security | |
| CN111552849B (en) | Searchable encryption method, system, storage medium, vehicle-mounted network and smart grid | |
| CN108111587B (en) | Cloud storage searching method based on time release | |
| Wang et al. | Generalized pattern matching string search on encrypted data in cloud systems | |
| CN104036050A (en) | Complex query method for encrypted cloud data | |
| CN110908959A (en) | Dynamic searchable encryption method supporting multi-keyword and result sorting | |
| Du et al. | GraphShield: Dynamic large graphs for secure queries with forward privacy | |
| Xu et al. | Dynamic searchable symmetric encryption with physical deletion and small leakage | |
| Li et al. | Multi-keyword fuzzy search over encrypted cloud storage data | |
| Ibrahim et al. | Towards efficient yet privacy-preserving approximate search in cloud computing | |
| Guo et al. | LuxGeo: Efficient and Security-Enhanced Geometric Range Queries | |
| CN108829714A (en) | A kind of ciphertext data multi-key word searches for method generally | |
| Wang et al. | Enabling efficient approximate nearest neighbor search for outsourced database in cloud computing | |
| CN113434739A (en) | Forward-safe multi-user dynamic symmetric encryption retrieval method in cloud environment | |
| CN113626485B (en) | Searchable encryption method and system suitable for database management system | |
| Wang et al. | Public key encryption with fuzzy matching | |
| CN114528370B (en) | Dynamic multi-keyword fuzzy ordering searching method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |